---
layout: docs
page_title: "Vault release notes"
description: >-
  Key updates for the latest major Vault release
---

# Vault release notes

- **Version**: 1.19.x
- **GA date**: 2025-03-05

@include 'release-notes/intro.mdx'

## Previous releases

- Vault 1.18.x [release notes](/vault/docs/v1.18.x/release-notes/1.18.0) and
  [important changes](/vault/docs/v1.18.x/upgrading/upgrade-to-1.18.x)
- Vault 1.17.x [release notes](/vault/docs/v1.17.x/release-notes/1.17.0) and
  [important changes](/vault/docs/v1.17.x/upgrading/upgrade-to-1.17.x)
- Vault 1.16.x [release notes](/vault/docs/v1.16.x/release-notes/1.16.1) and
  [important changes](/vault/docs/v1.16.x/upgrading/upgrade-to-1.16.x)

## Important changes

| Change          | Affected releases              | Description
|---------------- | ------------------------------ | -----------
| Support change  | 1.16.x                         | 1.16.x moves to [long term support](/vault/docs/enterprise/lts) and 1.19 becomes the current LTS version.
| New behavior    | 1.19.x                         | [Transit support for Ed25519ph and Ed25519ctx signatures](/vault/docs/updates/important-changes#ed25519)
| New behavior    | 1.19.x                         | [Identity system duplicate cleanup](/vault/docs/updates/important-changes##dedupe)
| Breaking change | 1.19.x                         | [Security improvement for LDAP user DN search with `upndomain`](/vault/docs/updates/important-changes#ldap)
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Duplicate unseal/seal wrap HSM keys](/vault/docs/updates/important-changes##hsm-keys)
| New behavior    | 1.19.x                         | [Anonymized cluster data returned with license utilization](/vault/docs/updates/important-changes#anon-data)
| New behavior    | 1.19.x                         | [Uppercase values are no longer forced to lower case](/vault/docs/updates/important-changes#case-sensitive)
| Known issue     | 1.19.x                         | [Login/token renewal failures after group changes](/vault/docs/updates/important-changes#group-writes)
| New behavior    | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Strict validation for Azure auth login requests](/vault/docs/updates/important-changes#strict-azure)
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Unexpected LDAP static role rotations on upgrade](/vault/docs/updates/important-changes#ldap-static-role-rotations)
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Unexpected DB static role rotations on upgrade](/vault/docs/updates/important-changes#db-static-role-rotations)
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Vault log file missing subsystem logs](/vault/docs/updates/important-changes#missing-logs)
| Known issue     | 1.19.x                         | [Automated rotation stops after unseal](/vault/docs/updates/important-changes#rotation-stops)
| Known issue     | 1.19.x, 1.18.x, 1.17.x, 1.16.x | [Azure Auth fails to authenticate Uniform VMSS instances](/vault/docs/updates/important-changes#azure-vmss)


## Feature deprecations and EOL

Deprecated in 1.19.x | Retired in 1.19.x
-------------------- | ---------------
None                 | [Active Directory plugin](/vault/docs/deprecation#ad-secrets-engine)

@include 'release-notes/deprecation-note.mdx'


## Vault companion updates

Companion updates are Vault updates that live outside the main Vault binary.

**None**.


## Community updates

Follow the learn more links for more information, or browse the list of
[Vault tutorials updated to highlight changes for the most recent GA release](/vault/tutorials/new-release).


<table>
  <thead>
    <tr>
      <th style={{verticalAlign: 'middle'}}>Release</th>
      <th style={{verticalAlign: 'middle'}}>Update</th>
      <th style={{verticalAlign: 'middle'}}>Description</th>
    </tr>
  </thead>

  <tbody>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      Faster availability after restart 
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
    <td style={{verticalAlign: 'middle'}}>
      Identity loading on restart is up to 40% faster and Vault logs include new
      diagnostic information to troubleshoot cluster slowness with the
      `post_unseal_trace_directory` configuration setting.
      <br /><br />
      Learn more: <a href="/vault/docs/configuration#enable_post_unseal_trace">`post_unseal_trace_directory` parameter details</a>
    </td>
  </tr>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      Raft integrated storage
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
    <td style={{verticalAlign: 'middle'}}>
      Corrects a previous issue with Raft nodes generating stale data by
      preventing stale nodes from servicing requests to the cluster.
    </td>
  </tr>

  </tbody>
</table>


## Enterprise updates

<table>
  <thead>
    <tr>
      <th style={{verticalAlign: 'middle'}}>Release</th>
      <th style={{verticalAlign: 'middle'}}>Update</th>
      <th style={{verticalAlign: 'middle'}}>Description</th>
    </tr>
  </thead>
  <tbody>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      Identity
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
    <td style={{verticalAlign: 'middle'}}>
      Opt-in resolution of accidental duplicates in the identity system with a
      gated feature to force deduplication.
      <br /><br />
      Learn more: <a href="/vault/docs/upgrading/deduplication">Find and resolve duplicate Vault identities</a>
    </td>
  </tr>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      Autopilot
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
    <td style={{verticalAlign: 'middle'}}>
      Improved upgrade stability with better cluster leadership reconciliation.
      <br /><br />
      Learn more: <a href="/vault/docs/concepts/integrated-storage/autopilot">Autopilot overview</a>
    </td>
  </tr>

   <tr>
    <td style={{verticalAlign: 'middle'}}>
      Database support
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
    <td style={{verticalAlign: 'middle'}}>
      Onboard static database accounts without immediate rotation, precise
      timing, or coordinating with maintenance windows.
      <br /><br />
      Learn more: <a href="/vault/docs/secrets/databases#onboarding-static-database-users">Onboarding static DB users</a>
    </td>
  </tr>

  <tr>
    <td rowSpan={2} style={{verticalAlign: 'middle'}}>
      Events
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
    <td style={{verticalAlign: 'middle'}}>
      Vault now sends event notifications to subscribers on all Vault nodes
      within a cluster.
    </td>
  </tr>
  <tr>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
    <td style={{verticalAlign: 'middle'}}>
      Notification subscriptions for secret deletion no longer requires a root
      token.
    </td>
  </tr>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      Plugin support
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
    <td style={{verticalAlign: 'middle'}}>
      Run Vault Enterprise plugins external to Vault. Running plugins externally
      is useful in deployments when the plugin requires different environment
      variable values than the Vault binary.
    </td>
  </tr>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      Automated root credential rotation
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
    <td style={{verticalAlign: 'middle'}}>
      Use a rotation manager to regularly rotate credentials for
      AWS (
        <a href="/vault/docs/secrets/aws#schedule-based-root-credential-rotation">secrets</a>,
        &nbsp;
        <a href="/vault/docs/auth/aws#schedule-based-root-credential-rotation">authN</a>
      ),
      Azure (
        <a href="/vault/docs/secrets/azure#root-credential-rotation">secrets</a>,
        &nbsp;
        <a href="/vault/api-docs/auth/azure#rotate-root">authN</a>
      ),
      GCP (
        <a href="/vault/docs/secrets/gcp#root-credential-rotation">secrets</a>,
        &nbsp;
        <a href="/vault/api-docs/auth/gcp#rotate-root-credentials">authN</a>
      ),
      LDAP (
        <a href="/vault/docs/secrets/ldap#root-credential-rotation">secrets</a>,
        &nbsp;
        <a href="/vault/docs/auth/ldap#root-credential-rotation">authN</a>
      ),
      and <a href="/vault/docs/secrets/databases#schedule-based-static-role-rotation">DB plugins</a>
      &nbsp;
      without manual intervention.
    </td>
  </tr>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      AWS plugin
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>ENHANCED</td>
    <td style={{verticalAlign: 'middle'}}>
      Vault now supports AWS static role credentials for multiple AWS accounts
      with a single mount path to better manage AWS credentials at scale.
      <br /><br />
      Learn more: <a href="/vault/docs/secrets/aws#sts-assumerole">STS AssumeRole</a>
    </td>
  </tr>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      GUI support for WIF plugin configuration
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
    <td style={{verticalAlign: 'middle'}}>
      Use the Vault GUI to enable and configure WIF with
      &nbsp;<a href="/vault/docs/secrets/aws#setup">AWS</a>,
      &nbsp;<a href="/vault/docs/secrets/aws#setup">Azure</a>, and
      &nbsp;<a href="/vault/docs/secrets/gcp#setup">GCP</a>
    </td>
  </tr>

  <tr>
    <td style={{verticalAlign: 'middle'}}>
      PKI: Constrained CA support
    </td>
    <td style={{verticalAlign: 'middle', textAlign: 'center'}}>GA</td>
    <td style={{verticalAlign: 'middle'}}>
      Use the PKI plugin to instantiate intermediate CAs with customer defined
      constraints (permitted URI , IPs, excluded DNS, etc.) and delegate PKI
      administration.
      <br /><br />
      Learn more: <a href="/vault/api-docs/secret/pki">PKI plugin API</a>
    </td>
  </tr>

  </tbody>
</table>
